North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Is there a line of defense against Distributed Reflective attacks?
- From: Sean Donelan
- Date: Fri Jan 17 03:50:01 2003
> > What kinds of mechanisms exist for keeping track of the origins of
> > something of this nature?
> Normally that's not very productive as they are mostly owned boxes that
> will be rebuilt and reowned in days :(
We could automate the tracing process, like *57 customer initiated trace
on the telephone network ($5 per use). But then what?
You can track the sources as quickly as you can, but part of the question
becomes how long and how many sources do you keep blocked once you have
tracked them. Is it one strike and you're out forever. If 80% of the
attacks are not spoofed, why not create yet another RBL and keep adding
more and more addresses? If you remove the filter after the attack stops,
it will just come back or they'll choose a different victim.
Do we need te equivalent of a dog bite law for computers. If your
computer attacks another computer, the owner is responsible. File a
police report, and the ISP will give the results of the *57 trace to
the local police. The police can then put down the rabid computer,